A Security researcher has come across a new zero-day IE exploit while analyzing a malware page that was being used to exploit Java vulnerabilities. According to Metasploit team, the Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7 are vulnerable to this attack.
Eric Romang has discovered a “/public/help” folder on one of the infected servers . He found one flash file(.swf) , two html page (protect.html,exploit.html) and exe file.
When he opened the exploit.html page, it loads the flash file ,which in turn loads the other HTML page( protect.html). Together, they help drop the executable on to the victim's computer.
Image Credits: Alientvault |
Metasploit team immediately developed Metasploit module for this exploit.This module exploits a vulnerability found in Microsoft Internet Explorer. When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpectedly matter, but the same memory is reused again later in a CMshtmlEd::Exec() function, which causes an use-after-free condition.
According to Metasploit researchers, the exploit, which had already been used by malicious attackers in the wild before it was published in Metasploit, is affecting about 41% of Internet users in North America and 32% world-wide.
Since Microsoft has not released a patch for this vulnerability yet,we advice IE users to switch to other browser until a security update becomes available.